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Amendments to the Drawings 

Please remove current drawing sheet 6 that has been included in error. The Applicant ndtes ttyat 
both drawing sheets 5 and 6 contain an identical figure, namely Fig. 5 and that only one shoul^ 
be included in the application. 
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REMARKS 



r 



Applicant wishes to thank the Examiner for reviewing the present application. { 
Drawings ! 

In the Office Action, the Examiner objected to the drawings under 37 CfR 1.84(u),ias srJeets 
5 and 6 of the drawings both contain views labeled as Fig. 5. As instructed above, the <jurreiit 
drawing sheet 6 is to be removed from the application. The Applicant notes that the dujjlicaije 
Fig. 5 (i.e. sheet 6) was submitted in error. i' 

The drawings were also objected to under 37 CFR 1 .83(a). The Applicant respectfully j: 
disagrees, and believes that the features described in claim 7, namely that the packet interceptor 
is a driver included in a kernel of an operating system in computer readable medium of the i 
system, do not add additional features. The packet interceptor has been identified in Figure 3 ! ;by 
numeral 36. The limitation that the packet interceptor is a driver only limits the type of jmodiale 
that numeral 36 embodies and does not add an additional feature. l! 



The packet interceptor is part of the IPsec module 34, which is part of the layer 28. The j 
limitation that the driver is included in a kernel of an operating system in computer readable 
medium only dictates the location of the packet interceptor. The Applicant notes that psjge 3,1 
line 22-26 of the description states that each of the correspondents has a computer readable 
medium and executes an operating system. These structures are well known component^ in I; 
devices such as those used by the correspondents. Since the limitations of claim 7 were part |f 
the original application, support exists for these limitations, and the Applicant notes thatjthe I 
description has been amended for conformity (see remarks regarding claim rejections below).!; 
Therefore, it is believed that the drawings comply with 37 CFR 1.83(a). p 
Claim Objecf fons : , ! ; 

The Examiner objected to claims 5 and 10 due to several informalities, the expression "An 
system" on line 1 of claim 5 has been amended to read "A system"; and the expression M J\n : 
method" on line 1 of claim 10 has been amended to read "A method". The Word "to" hai bee| 
inserted on line 17 of claim 10 as suggested by the Examiner, and the comma on line 9 of claim 
10 has been replaced with a semicolon. The expression "having the step of bn line 3 of ^ainj 

: ! * ! 

I ■ ^ 
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10 has been amended to read "comprising the steps of. The Applicant notps that the firmal&ng 
of claim 6 has been corrected as reflected in the above amendments to the claims, without j ■■ 
amending the claim itself. The Applicant also notes that the term "protocol" on line 4 of clajin 1 
has been replaced with the term "network", consistent with the terminology: of the remajmdeijbf 
claim 1. I: 

Claim Rejection ^ 

i . i* 

The Examiner rejected claim 7 under 35 U.S.C. 1 12, first paragraph, for! failing to abmply; 
with the enablement requirement. The paragraph between page 4, line 23 aikd page 5, hWlcjiof 
the specification has been amended to comply with 35 U.S.C. 1 12. Specifically, the exjjressipn 
"included in a kernel of the operating system of the computer readable medijum of the system? 
has been inserted at line 27 of page 4, between "driver" and "placed". Sinc^ this limitation was 
originally present in claim 7, no new subject matter has been added. The Applicant notis thai; 
the above amendment does not add any additional features to the invention, but only describes a 
particular implementation and location in the system. 

The Examiner rejected claims 4, 5, 8 and 9 under 35 U.S.C. 1 12, secondiparagraph, as being 
indefinite. 

In claim 4, the expression "the step of examining" has been amended to read "the step of 
determining whether to process said at least one data packet by examining", which was I 
introduced in claim 1. The Applicant notes that the expression "said data pabket included farther 
the steps of" on line 2 of claim 4, has been amended to read "said data packet further includes 
the steps of". 

In claim 5, the expression "at least one data packet" on line 5, has been amended to Head "kt 
least one encapsulated IP packet", to provide the necessary antecedence for the expression "sa^id 
encapsulated IP packet" on line 6. The expression "said cryptographic transformations" Us been 
amended to read "said cryptographic functions" consistent with the expression "providing I : 
cryptographic functions" on line 2 of claim 5 . j 

In claim 8, the expression "cryptographic transformations" has been amended to readj | ; 
"cryptographic functions", consistent with the terminology of claim 5. j 
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In claim 9, "said" has been inserted between "wherein" and "secure" on line 1, "of jiaid 
system are" has been inserted between "is" and "provided" on line 2, and "i;s" removedjfromjjlinfc 
2. The expression "for secure communications between correspondents of said system'! has keen 
inserted on line 1 of claim 5 between "packets" and "by", thereby providing the necessary 
antecedence for the terminology used in claim 9. 

: ; i \ 

' I; 

; ; I* 

The Examiner has rejected claims 1-3, 5, and 8- 10 under 35 U.S.C. 102(e) as being I 
anticipated by U.S. Patent Publication No. 2002/01 84487 to Badamo et al. The Applicant 

respectfully traverses this rejection. ji 

T . . , ■ ii 

The present invention teaches how to add IPsec tunneling transparently to point-to-p>int j ! 

protocol (PPP) datagrams. Specifically, what has been described, and claimjed, is to protect aln IP 

packet inside an outbound PPP packet by placing the IP packet inside an EPslec tunnel inside tjie 

PPP packet. Similarly, on inbound traffic, the IP packet is extracted from art IPsec tunnel within 

an inbound PPP packet. In adding IPsec capability to an existing PPP implementation, no 

modifications are required to the operating system, or the addition of hardware. 

As shown in Figures 4 and 5 and described on page 5, line 20 to page 6, line 12, PPP 
datagrams are intercepted both inbound and outbound of the network stack. The PPP datagrams 
have encapsulated data packets that are en route along the network stack. The PPP datagrams'! I 
are decapsulated to retrieve the encapsulated data packets and these packets are examined to jl ! 
determine whether to process the same. The packets are then modified to provide cryptcjgrapjlic ■ 

functions (e.g. IP sec) and encapsulated for transmission to another layer in the network steck.f 

i i 

Therefore, the PPP datagrams are decapsulated to reveal the encapsulated data packers I 
therein and if processing is required, cryptographic functions are added thereto and then i I i 
encapsulated within the PPP header and trailer to create a new PPP datagram. Since the ! j i 
encapsulation results in the original IP packet being hidden or included inside a PPP datagram! 
the IP header of the tunnel mode protected packet provides the necessary routing information, i 
enabling the packet to travel through a communication network without revealing the finil I '■ '■ 
destination stored in the original IP packet header (which is encapsulated with the cryptokrapljjc ; 
functions). Qnce the encapsulated IP packets reach their destination, the encapsulation hfcaderj \ 
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can be removed and the original IP packet header used to route the packet toi its final de&inatjon. 

Claims 1, 5 and 10 clearly describe the above features. j. 

Badamo teaches a network gateway device with a network physical interface for rec&Yin^ 
and transmitting data and for receiving packets for transmission and forwardling packets jfromj 
received data. A packet processor includes an ingress processing security subsystem with a 
decryption processor for decrypting packets and an egress processing security subsystem for 
encrypting packets. Therefore, Badamo provides separate incoming and outgoing security: 
subsystems. 

As described on page 4, column 1, lines 15-54 (which the Applicant notes has been cjited ^y 
the Examiner inter alia, Badamo teaches the operation of the ingress and egress subsystems. 
Each subsystem is responsible for its respective processing of packets, whether they are I 
incoming or outgoing. For example, the ingress subsystem processing incoming packet^ and 
includes one of protocol translation, decapsulation, decryption, etc. The ingress subsystemis 
configured to handle one of the above operations as part of the incoming processing. Howfcv^r, 
Badamo does not teach protecting an IP packet inside a PPP packet by encapisulating the; IP 1 
packet and applying cryptographic functions which is placed within the PPPlpacket. Badamo Is 
entirely silent in that regard. Badamo is concerned with the separate processing of outbdund &nd 
inbound packets using separate subsystems. Badamo is not concerned with transparent!^ 
protecting a data packet using, e.g., IPsec capability in a PPP implementation without re4uiririg 
modifications to the operating system. On the contrary, if Badamo wishes to use IPsec, such 
capabilities would be configured in the ingress and egress subsystems as desired. 

! ' ) 

i i I 

The Applicant believes that the Examiner has misconstrued the teaching^ of Badamol ! 
Regarding claim 1 : 1) Badamo does not examine the packets once they are decapsulated jto | 
determine whether they are to be processed and 2) does not teach modifying k decapsulatjed ! : 
packet to provide cryptographic functions and encapsulating the modified papket for \ 
transmission, The Examiner has taken a series of optional features that have -merely beeii j- 
mentioned in Badamo, and pieced them together, without properly appreciating the nature of j 
Badamo's teachings and how Badamo's system actually operates. ! 

Therefore, the Applicant believes that Badamo fails to teach the method recited in clajini 1 j 
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and as such, claim 1 clearly and patentably distinguishes over Badamo, and is in condition fjir 
allowance. Claims 2-4 are either directly or indirectly dependent on claim 1, and therefore, lire 
also believed to distinguish over Badamo. i 

Claim 5 describes a system suitable for implementing the method of claim 1, and therefore 
similar arguments apply with respect to Badamo. Claims 6-9 are either directly or indirectly '.. 
dependent on claim S, and as such, are also believed to distinguish over Badamo. 

Claim 10 describes a method similar to claim 1 , directed to providing a cryptographic system 
for communication between correspondents in a communication network. Claim 10 prbvideij 
similar processing of the data packets as claim 1 , therefore, similar argumerits apply. 
Accordingly, the Applicant believes that claim 10 also distinguishes over Bfdamo. 



The Examiner has rejected claim 4 under 35 U.S.C. 103(a) as being unpatentable ovjer 
Badamo in view of US. Patent No. 6,438,612 to Ylonen. Although claim 4 is dependent on 
claim 1, the Applicant will show that the claims of the present application also distinguish over 
such a combination. 

Ylonen teaches a system and method for enabling the identification of virtual networks 
and/or virtual routers in the course of tunneling data packets through a netwbrk. As indicaledlby 
the Examiner, Ylonen teaches checking header information of packets that aft sent in the j ; 
communication system described therein. However, Ylonen does not teach transparently |i 
protecting a data packet using, e.g., IPsec capability in a PPP implementation without rejjuirii}g 
modifications to the operating system. There is no suggestion in Ylonen to implement siich \- 
functionality. Ylonen is silent in that regard. Ylonen fails to teach the missing elements! not I' 
found in Badamo, and there is no suggestion that would enable a person skilled in the ar| to ji 
achieve the system and methods described in claims 1, 5 and 10. j : 

; I - 

Therefore, the Applicant believes that the combination of Ylonen and Badamo does ilottejjch 
all of the elements of claims 1, 5, and 10, nor is there any suggestion of suchjan implementation 
in either reference. Accordingly, claims 1-10 are believed to patentably distinguish overke j 
combination of Ylonen and Badamo. 
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f ; 

i i ; 

The Examiner has rejected claims 6 and 7 under 35 U.S.C. 103(a) as being unpatentable ^)ver 
Badamo in view of U.S. Patent Publication No. 2004/0054794 to Lantto et pi. Although claims 6 
and 7 are dependent on claim 5, the Applicant will show that the claims of the present 1 
applicationialso distinguish over such a combination, 

Lantto teaches a system and method for Internet Protocol data communications. Lafcttp 
provides a way to remotely and securely access a computer in a private network. A remote 

j ; 

access login system is profiled for accessing the private network via a pseudo-connectionless^ 
technology device, ' 

As indicated by the Examiner, Lantto describes a driver included in a kernel of an operating 
system. However, Lantto does not describe encapsulating a data packet to provide cryptographic 
functions and encapsulate the protected packet in a PPP packet. Lantto, therefore, does not teach 
the missing features of claims 1, 5 and 10, not found in Badamo. The Applibant believejs thafi 
there is nothing in the teachings of Lantto that would suggest the Badamo' s jteachings cbuld be 
modified to arrive at the system of claim 5 or methods of claims 1 and 1 0. j 

Therefore, the Applicant believes that the combination of Badamo in viejw of Lantto! does! not 
teach every element of claims 1, 5 and 10. Accordingly, claims 1-10 are believed to patUtabjy 
distinguish over such a combination. \\ 



Summary 

In view of the foregoing, claims 1-10 presented in this amendment are believed to cojnstitub 
patentable subject matter under 35 U.S.C. 102 and 103, and comply with 35 fJ.S.C. 112,jand as 
such, are in condition for allowance. The drawings and description are also believed to be in 
condition for allowance. 



BEST AVAILABLE COPY 

21396064.J 12 T j 



APR. 22. 2005 4:34PM 

Appl. No. 09/903,612 

Amdt. Dated: April 22, 2005 

Reply to Office Action of: October 25, 2004 



NO. 2385 P. 17 ' ! 



Applicant requests early reconsideration and allowance of the present application. 



Re'toectfully submitted, 




John R.S. Orang* 
Agent for Applicant 
Registration No. 29,725 



Blake, Cassels & Graydon LLP 

Suite 2800, P.O. Box 25 

199 Bay Street, Commerce Court West 

Toronto, Ontario M5L 1A9 

CANADA 

Tel: 416.863.3164 
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